Compel

From CRIU
Revision as of 19:06, 10 February 2016 by Kir (talk | contribs) (a few typos)
Jump to navigation Jump to search

Compel GIT repo is at http://github.com/xemul/compel

Usage ideas

One thing parasite code can do is call clone() and create thread having access to main process VM, FDT, FS, etc. The new thread can then

  • Check socket FDs to get stuck/closed by polling them
  • Apply "logrotate" on the fly
  • Garbage collector
  • Catch SIGSEGV, do smth with mappings and act upon "illegal" memory access
    • Remote swap for task
    • WSS detection

Another is to do some activity on the victim and then just unload. With this we can

  • Death detection. Open pipe/socket and pass the other end outside. Once the victim dies the pipe/socket will wake up.
  • Binary updates. E.g. live patching or libs relink
  • Tunneling -- replace opened socket with unix one, and send the former one to the caller
    • Inject socket spy
    • Pack/Unpack
    • Crypt/Decrypt
    • Traffic analyzer
    • Traffic fanout (multiplex)
  • The same for files on disks -- proxy via pipe(s)
    • Filter/split logs
  • Do "nohup" on the fly
  • Debug stuff by MSG_PEEK-ing sockets messages of tee+splice sockets
  • Re-connect sleeping sockets to other addresses (not 100% safe)
  • "Soft" restart of a service -- call execve() from it's context
  • Force entering into CT (except pid namespace, probably)
  • Re-open all files (and cwd, root) to facilitate moving on new / (e.g. for disk replacement)
  • Remove leaks from e.g. malloc/free heap
  • Force reparent (pid change!)
    • Re-open all files -- force daemonize